[Discourse.ros.org] [General] Announcing Secure ROS

[Discourse.ros.org] [General] Announcing Secure ROS

Hello:

I'd like to announce the Secure ROS project (http://secure-ros.csl.sri.com/). Secure ROS is a "fork" of core ROS packages to enable secure communication among ROS nodes. The main goal of Secure ROS is to enable secure communication for regular users of ROS.

Secure ROS uses IPSec in transport mode and modified versions of the ROS master, _rospy_ module and _roscpp_ library to ensure secure communication. At run time, the user can specify authorized subscribers and publishers to topics, setters and getters to parameters and providers (servers) and requesters (clients) of services in the form of a YAML configuration file for the ROS master. Secure ROS allows only authorized nodes to connect to topics, services and parameters listed in the configuration file.

The goal of Secure ROS is similar to SROS which was announced last year, but the approach is different. Secure ROS allows easy re-use of existing ROS nodes and packages.

[Discourse.ros.org] [General] Announcing Secure ROS

@asundaresan Could u please share some information for the following questions:
what's the difference btw Secure ROS and SROS ?
will SROS and Secure ROS be developed in parallel or lean to one of them for ROS?
ROS2 is up and it's totally different infrastructure than ROS, so the security on ROS will be kept forever or obsolete when ROS2 is adopted/used widely in the future ?

[Discourse.ros.org] [General] Announcing Secure ROS

I've been traveling and sorry for the delayed reply. Secure ROS has the same goals as SROS, but uses security at the IP address level. This means that you can have a config file which can list all the authorized accessors to various topics, services, parameters, etc. IP address spoofing is prevented using IPsec at the kernel level and is independent of ROS.

There is currently a PR for Secure ROS and it is conceivable for both Secure ROS and SROS to be present leaving the user to choose which he wants.

ROS2 is a different kettle of fish and is not within the scope of Secure ROS.

[Discourse.ros.org] [General] Announcing Secure ROS

@Roser: I don't know if IPsec can be used for multicast security in transport mode. Is there such a use case in ROS? In any case, just to be clear, IPsec is external to and independent from Secure ROS - but Secure ROS relies on the features that IPsec provides.